home

novyy chit.exe

SCSI Pass Through Direct

Idea Grant

The executable novyy chit.exe, “SCSI Pass Through Direct setup” has been detected as malware by 1 anti-virus scanner. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from twoislandstride.ru.
Publisher:
Duplex Secure Ltd.  (signed by Idea Grant)

Product:
SCSI Pass Through Direct

Description:
SCSI Pass Through Direct setup

Version:
1.81.0.0 built by: WinDDK

MD5:
c63056c0e8209c193af0e4170abcd2b2

SHA-1:
b21e269fb753c4ee21adfd0a0be52333ca351d6a

SHA-256:
d435adfd3d9b8bcf635bb3bf7d2302961711ece16cfd9ee58170ae5f2bf61b83

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
1/10/2025 3:34:06 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.11.28.14

File size:
565.5 KB (579,048 bytes)

Product version:
1.81.0.0

Copyright:
Copyright (C) 2004-2012

Original file name:
sptdinst.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\novyy chit.exe

Digital Signature
Signed by:
Idea Grant

Authority:
COMODO CA Limited

Valid from:
7/7/2016 3:00:00 AM

Valid to:
7/8/2017 2:59:59 AM

Subject:
CN=Idea Grant, O=Idea Grant, STREET="Street Roshinsky 2-I, 4", L=Moscow, S=Moscow, PostalCode=11511, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1D3CFCB709BE6836F9A4B0955ED08E3E

File PE Metadata
Compilation timestamp:
7/27/2016 2:57:45 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:zV8FOI4ROvyXlPWB2CWMypDecu06emAvyWd+f:eFOIciygB2CWMeDoNQqWd+f

Entry address:
0x12B0

Entry point:
55, 8B, EC, B8, E0, 8B, 00, 00, E8, D3, FF, FF, FF, 53, 56, 57, C6, 45, F4, 3E, C1, E9, 00, 68, CF, 12, 40, 00, C3, 33, EB, EB, 02, 33, DD, 90, 8B, D2, 8D, 12, EB, 01, 50, EB, 02, 03, C7, EB, 02, 2B, C2, 68, EF, 12, 40, 00, C3, 81, C2, 6E, 9B, 47, 0A, C7, 85, 74, 77, FF, FF, 05, 00, 00, 00, 8B, 85, 74, 77, FF, FF, 83, C0, 0D, 89, 85, 74, 77, FF, FF, 81, BD, 74, 77, FF, FF, 89, D8, 00, 00, 76, 02, EB, 1C, 6A, 00, FF, 15, 4C, 70, 40, 00, 68, 84, D0, 40, 00, FF, 15, 88, 70, 40, 00, B9, 1F, 02, 00, 00, 85, C9...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
23.5 KB (24,064 bytes)

The file novyy chit.exe has been seen being distributed by the following URL.

http://twoislandstride.ru/MTExNTk7aHR0cCUzQSUyRiUyRm1lZGlhLWFuZHJvaWQucnUlMkYlMjEzYzgwYjBiYTRiOTJkZDAwNmU3NzU2ZTI5OTk1OWRmZDc5MmJiZjVmMTI1N2FmZDNmZWE0NWJmZGQ1YjQxMGIyO25hbWU9JUQwJTlEJUQwJTlFJUQwJTkyJUQwJUFCJUQwJTk5KyVEMCVBNyVEMCU5OCVEMCVBMi5leGU7c2l6ZT05MTMyODI1O3R5cGU9YXJjaGl2ZTt1dG09ZXlKemIzVnlZMlVpT2lJeE5UUTFNQ0lzSW0xbFpHbDFiU0k2SWlJc0ltTmhiWEJoYVdkdUlqb2lJaXdpZEdWeWJTSTZJaUlzSW1OdmJuUmxiblFpT2lJaWZRPT07cmVhbF9yZWZlcmVyPTtmb3JjZV9maWxlPXRydWU=

Remove novyy chit.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.